Impact
A missing authorization flaw in the OpenShift Cluster Logging Operator allows a user with delegated editor permissions to create a ClusterLogForwarder that forwards ServiceAccount tokens to arbitrary external destinations. The operator does not verify that the cluster log forwarder creator is authorized to use those credentials, permitting exfiltration of service account tokens and the potential use of those tokens for additional cluster access. The vulnerability is a classic example of improper authorization, identified as CWE‑862.
Affected Systems
The flaw affects the Red Hat Logging Subsystem for Red Hat OpenShift, specifically the OpenShift Cluster Logging Operator component. The affected product is identified as Red Hat Logging 6; no further version granularity is available in the listing.
Risk and Exploitability
The CVSS score of 6.8 classifies the issue as moderate, indicating a non‑trivial threat. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting low immediate exploit pressure. The likely attack vector is the creation of a ClusterLogForwarder object by an attacker with delegated editor rights; the operator will then forward the service account token to an external endpoint, enabling credential theft and potentially privilege escalation if those tokens grant broad cluster access. The risk is moderate to high in environments where delegated editors can create ClusterLogForwarder resources or where service account tokens have wide cluster permissions.
OpenCVE Enrichment